This CVE isn't worthy of existence. A user can crash his/her own IMAP session by issuing a specific SEARCH command, which is just slightly worse than user issuing a LOGOUT command. It took years for people to notice this bug, because just about no IMAP client issues such a command.